VAR-201811-0102
Vulnerability from variot - Updated: 2023-12-18 14:01
An XXE vulnerability exists in CASE Suite versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. CASE Suite contains an XML external entity (XXE) vulnerability; information may be obtained. Fr. Sauter AG CASE Suite is a software development kit for building automation systems from the Swiss company Fr. Sauter AG. The issue affects Sauter AG CASE Suite 3.10 and earlier. A remote attacker could use this vulnerability to cause a file leak. An attacker can exploit this issue to gain access to sensitive information from the application; this may lead to further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0102",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "case suite",
"scope": "lte",
"trust": 1.8,
"vendor": "sauter controls",
"version": "3.10"
},
{
"model": "sauter ag case suite",
"scope": "lte",
"trust": 0.6,
"vendor": "fr",
"version": "\u003c=3.10"
},
{
"model": "sauter ag case suite",
"scope": "eq",
"trust": 0.3,
"vendor": "fr",
"version": "3.10"
},
{
"model": "sauter ag case suite service release",
"scope": "ne",
"trust": 0.3,
"vendor": "fr",
"version": "3.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "case suite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"db": "BID",
"id": "105804"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"db": "NVD",
"id": "CVE-2018-17912"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sauter-controls:case_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17912"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gjoko Krstic",
"sources": [
{
"db": "BID",
"id": "105804"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17912",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-17912",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-44954",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17912",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17912",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-44954",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"db": "NVD",
"id": "CVE-2018-17912"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XXE vulnerability exists in CASE Suite versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. CASE Suite contains an XML external entity (XXE) vulnerability; information may be obtained. Fr. Sauter AG CASE Suite is a software development kit for building automation systems from the Swiss company Fr. Sauter AG. The issue affects Sauter AG CASE Suite 3.10 and earlier. A remote attacker could use this vulnerability to cause a file leak. \nAn attacker can exploit this issue to gain access to sensitive information from the application; this may lead to further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17912"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"db": "BID",
"id": "105804"
},
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17912",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-305-04",
"trust": 3.3
},
{
"db": "BID",
"id": "105804",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2019-44954",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-024",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013991",
"trust": 0.8
},
{
"db": "IVD",
"id": "F1122210-9EA6-41D9-A6CD-53D3BC909E01",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"db": "BID",
"id": "105804"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"db": "NVD",
"id": "CVE-2018-17912"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
]
},
"id": "VAR-201811-0102",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
}
]
},
"last_update_date": "2023-12-18T14:01:03.843000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CASE Suite",
"trust": 0.8,
"url": "https://www.sauter-controls.com/en/products-sauter/product-details/pdm/gzs-100-150-case-suite.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"db": "NVD",
"id": "CVE-2018-17912"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-305-04"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105804"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17912"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17912"
},
{
"trust": 0.3,
"url": "https://www.sauter-controls.com/en/products-sauter/product-details/pdm/gzs-100-150-case-suite.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"db": "BID",
"id": "105804"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"db": "NVD",
"id": "CVE-2018-17912"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"db": "BID",
"id": "105804"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"db": "NVD",
"id": "CVE-2018-17912"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-11T00:00:00",
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105804"
},
{
"date": "2019-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"date": "2018-11-02T14:29:03.130000",
"db": "NVD",
"id": "CVE-2018-17912"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44954"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105804"
},
{
"date": "2019-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013991"
},
{
"date": "2019-10-09T23:37:02.863000",
"db": "NVD",
"id": "CVE-2018-17912"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fr. Sauter AG CASE Suite XML External entity injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNVD",
"id": "CNVD-2019-44954"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "f1122210-9ea6-41d9-a6cd-53d3bc909e01"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-024"
}
],
"trust": 0.8
}
}